A user utilizing a computing device often accesses internet websites for a variety of reasons. The internet websites provide services and benefits to the general public. However, the internet websites have come under attack. The problem is that the power in computing devices enables them to send hundreds or thousands of requests to major email service providers and attempts to access private websites, without human intervention.
The computing device's ability to demonstrate intelligence has been described by a Turing Test, based on a human differentiating between a computing device and a human. A modification of the Turing Test reversing the roles is the Reverse Turing Test (RTT), based on a computer differentiating between a computing device and a human. Based on the RTT scenario, Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHA), also known as Human Interactive Proof (HIP), was developed to ask a user to complete a simple challenge-response test generated and graded by the computing device to determine if the user is a human or a computing device. The test, CAPTCHA, should be relatively easy for humans to pass but difficult for automatic computer programs (i.e., bots) to pass.
CAPTCHAs have been proposed or deployed in applications. Traditionally, CAPTCHAs are based on text in which characters, typically English letters and numbers, are properly arranged and sophisticatedly distorted to prevent bots from segmenting the image of the text into individual characters and recognizing them. Conventional text-based CAPTCHAs are easy to generate and to grade, intuitive to humans, independent of different cultures and education backgrounds, and scalable to fit a large range of applications. Early approaches focus on disabling bots from recognizing characters in a CAPTCHA. However, research results show that computers are very good, better than humans, at recognizing single characters, even if these characters are highly distorted. Modern text-based CAPTCHAs rely on the difficulty of character segmentation rather than individual character recognition. With advances of computing technologies and segmentation algorithms, the gap between humans and bots has been increasingly narrowed. Conventional text-based CAPTCHA would eventually be unsuitable as a reverse Turing test: it would be too easy to prevent bots from passing the test or too hard for humans to recognize the characters. Alternative solutions to text-based CAPTCHAs are needed.
There have been efforts to develop non-text-based CAPTCHAs. A problem in designing non-text based CAPTCHAs is the difficulty in building a database with a sufficiently large set of classified, high-entropy entries. Building a large database that meets deployment requirements is expensive and very labor intensive. Another problem is that the database may not add new entries quickly and may not add a substantial amount of entries. After generating CAPTCHAs for a period of time, the entries in the database may be exhausted. Thus, not having new CAPTCHAs may cause repeatedly use of the previously used entries in the database, resulting in reduced security.
Thus, there is a need to address the afore-mentioned problems for CAPTCHAs.